Objective
Security consultant for a small doctor’s office consisting of three doctors and two nurses would like to replace the current method of using paper based medical records with automated medical records. The office is physically located among several other professional office spaces, and the doctors have decided they would like to replace the current method of using paper based medical records with automated medical records.
Analyze the risk
Within a given organization, a number of mobile device operating systems are typically in use, and these must be factored into an organization’s security framework. Further, this device support needs to go beyond smart phones. The reality is that smart phones, tablets, and notebooks are complementary in nature. Typically, as consumers adopt a new device type, it won’t signal the abandonment of any of their existing devices. For example, just because individuals purchase a new tablet doesn’t mean that they will stop using their cell phone or laptop. The upshot of this is that security teams need to account for a broad set of devices, a set that gets larger with each passing day.
Particularly as the use of different device types and platforms grows, security administrators can’t feasibly use a different management console for each mobile device platform or type, as this would prove more costly, inefficient, and susceptible to errors. Consequently, businesses need a single solution that can be used to manage all major operating systems, so that they can effectively, consistently, and efficiently apply security policies across each platform. For example, the same type of multi-factor authentication should be supported on all devices.
In addition to centralized control of disparate mobile device platforms and types, security administrators need capabilities that afford a centralized, cohesive means for doing both mobile device management and security policy enforcement. This includes the mobile device management capabilities outlined above such as remote locking and wiping of lost devices, as well as control of such security mechanisms as antivirus, personal firewalls, and more. Further, administrators need a unified management console that can support the following efforts; Establishing and enforcing corporate mobility policies, combining VPN access control with mobile security; Enforcing granular, role-based access control to corporate applications; Delivering seamless, cross-platform authentication for all users, regardless of their device.
Recommendation
In order to ensure that corporate security policies are strictly and